Hacked Ports ? 21 23 443 


An attacker can use ( NetBIOS ) to enumerate users on a system 


Scanning is the information ... target user ? false
types of reconnaissance ?
tools used for reconnaissance ? Shodan & Google


prevent port scanning attacks ? Install firewall
SNMP is used for Send email messages ? False
SMTP is used for Send email messages ? True
Enumeration is useful .. the following ? Username


What is scanning types ? Port
Phishing is known .. personal information. ?
Active sniffing is difficult to detect .. ?
VPN can not prevent packet sniffing ? False


Ian is 
Techniques for active sniffing? ARP spoofing & MAC flooding
Goals of System Hacking? Gaining Access & Hiding files & Clearing tracks &


Malware is a file or code ... sensitive data? True 














Spoofing is the attacker .. data packets ? False 


Information gathered during Enumeration ? Users and groups & Auditing and service 
& Machine names 
examples of hacking? Keylogger & Fake WAP & Phishing & Virus 


System hacking is defined as the compromise of computer systems and software 


Does VPN prevent packet sniffing ? True 
Encryption can Prevent Sniffing Attacks ? True
There are — types of sniffing ? 2
Restriction of physical .. be installed ? True

Denial (DoS\DDoS) is a simple .. IDs and passwords ? false 
Spoofing the attacker..using packet analyser ? false 
Active sniffing through a Hub ? 
Active sniffing Can easily be detected ? True 
Footprinting is 


























types of malware? 


is the information gathering phase in ethical hacking from the target user 
9 


Why is DNS enumeration important ? 


What is Types of reconnaissance ? Active & passive 
Security goals: Confidentiality & Integrity & Availability 


Enumeration is
SMTP: The Simple Mail Transport Protocol ?
SNMP: The Simple Network Management Protocol ? True
& Passive: without directly interacting
Active:

Which of the following tools are used for footprinting? Whois & SuperScan
What is the next immediate step to be performed after footprinting? Scanning
Which of the following is a tool for performing footprinting undetected? Whois search
What is footprinting? Accumulation of data by gathering information on a target










NSlookup can be used to gather information regarding which of the 
following? 
A ___ is used to connect to a remote system using NetBIOS ? NULL session
How to Prevent Sniffing Attacks?
Active sniffing is difficult to detect
Hash is used to connect to a remote system using JA m 
TCP 137: NetBIOS session Service (SMB over NetBIOS) ? 

SNMP stands for Simple Mail Transport Protocol ? false

TCP 139: NetBIOS Name Service ? 
Scanning: 


difference between nmap and netstat?


Q1/Enumeration is useful to system hacking because it provides Passwords and IP ranges 


















True 

Q2/ Reconnaissance is considered the last pre-attack phase

False 

Q3/What are the tools used for reconnaissance 

1. Google 2. Maltego 3. FireCompass 4. Recon-ng 5. Shodan 6. Censys 7. Nmap 8. Spiderfoot 9. Datasploit
10. Aquatone

Q4/ As active reconnaissance is all about interacting with target victim directly, hence telephonic calls as a 
legitimate customer care person or help desk person, the attacker can get more information about the 
target user 

True 





Q1/ what are Goals of System Hacking list 4 

• Gaining Access
• Escalating privileges
• Executing applications
• Hiding files
• Clearing tracks

Q2/ Techniques for active sniffing

1. ARP spoofing 2. MAC flooding

Q3/ Passive sniffing through a switch 

False 

Q4/ What is Sniffing 

Sniffing is the process of monitoring and capturing all data packets that are passing through a computer
network using packet sniffers. ... Data packets captured from a network are used to extract and steal
sensitive information such as passwords, usernames, credit card information.

Q5/ Malware is a file or code, typically delivered over a network, that infects, explores, steals or conducts 
virtually any behavior an attacker wants. ... Investigate the infected user's local network. Steal sensitive 
data 

True 

Q6/ Active sniffing is difficult to detect 

False 

Q7/ Spoofing is the attacker listens into a networks’ data traffic and captures data packets 

False 

Q8/ Phishing is known by a different name, UI Redress. In this attack, the hacker hides the actual UI where 
the victim is supposed to click. This behavior is very common in app download, movie streaming, and 
torrent websites. While they mostly employ this technique to earn advertising dollars, others can use it to 
steal your personal information 

False 

Q9/ To Prevent Sniffing Attacks you have to uninstall firewall 

False 

Q10/ VPN can not prevent packet sniffing 

False 


what is enumeration 


Enumeration is the process of extracting information from a target system to determine 
more of the configuration and environment present. In many cases it is possible to 
extract information such as usernames, machine names, shares, and services from a 
system as well as other information, depending on the OS itself. 


However, unlike with previous phases, you will be initiating active connections to a 
system in an effort to gather a wide range of information. With this in mind, you need to 
view enumeration as a phase that comes with much greater chances of getting caught. 
Take extra effort to be precise lest you risk detection. 


Types of information enumerated by intruders:

• Network resources and shares
• Users and groups
• Routing tables
• Auditing and service settings
• Machine names
• Applications and banners
• SNMP and DNS details

• Exploiting SNMP: The Simple Network Management Protocol (SNMP)
can be exploited by an attacker who can guess the strings and use
them to extract usernames.

• Exploiting SMTP: The Simple Mail Transport Protocol (SMTP) can be
exploited by an attacker who can connect to and extract information
about usernames through an SMTP server.


Why is DNS enumeration important? 


There are a few reasons why DNS enumeration is important. It can reveal the 
size of the enterprise of the target organization which can translate to the 
potential size of the attack surface. Enumerating the number of domains and 
sub-domains can reveal how large or small the organization may be. 


Services and Port to Enumerate 


TCP 53: DNS Zone transfer 

TCP 135: Microsoft RPC Endpoint Mapper 

TCP 137: NetBIOS Name Service 

TCP 139: NetBIOS session Service (SMB over NetBIOS) 
TCP 445: SMB over TCP (Direct Host) 

UDP 161: SNMP 

TCP/UDP 389: LDAP 

TCP/UDP 3368: Global Catalog Service 

TCP 25: Simple Mail Transfer Protocol (SMTP) 
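
For the "TCP 53: DNS Zone transfer" entry above, the following added example (not part of the original notes) shows how a defender can flag zone-transfer requests in captured DNS-over-TCP payloads. The sample flows, the addresses and the `allowed_secondaries` list are constructed for illustration.

```python
import struct

QTYPE_IXFR, QTYPE_AXFR = 251, 252   # zone-transfer query types (RFC 1995, RFC 1035)


def build_query(qname, qtype, txid=0x1234):
    """Build a DNS-over-TCP query; used here only to construct sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split("."))
    msg = header + labels + b"\x00" + struct.pack("!HH", qtype, 1)
    return struct.pack("!H", len(msg)) + msg   # TCP framing: 2-byte length prefix


def parse_question(msg):
    """Return (qname, qtype) of the first question, or None for responses/malformed data."""
    if len(msg) < 12:
        return None
    _txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags & 0x8000 or qdcount < 1:          # QR bit set means this is a response
        return None
    pos, labels = 12, []
    while True:
        if pos >= len(msg):
            return None
        n = msg[pos]
        pos += 1
        if n == 0:                              # root label ends the name
            break
        if n & 0xC0 or pos + n > len(msg):      # no compression expected in a query name
            return None
        labels.append(msg[pos:pos + n].decode("ascii", "replace"))
        pos += n
    if pos + 4 > len(msg):
        return None
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return ".".join(labels), qtype


def find_zone_transfers(stream, src, allowed_secondaries):
    """Walk the length-prefixed messages of one client-to-server TCP/53 stream."""
    alerts, pos = [], 0
    while pos + 2 <= len(stream):
        (length,) = struct.unpack("!H", stream[pos:pos + 2])
        msg = stream[pos + 2:pos + 2 + length]
        if len(msg) < length:                   # truncated capture: stop cleanly
            break
        pos += 2 + length
        question = parse_question(msg)
        if question and question[1] in (QTYPE_AXFR, QTYPE_IXFR):
            alerts.append({
                "src": src,
                "zone": question[0],
                "type": "AXFR" if question[1] == QTYPE_AXFR else "IXFR",
                "authorized": src in allowed_secondaries,
            })
    return alerts


def sample_alerts():
    """Run the detector over two constructed flows (documentation addresses)."""
    allowed_secondaries = {"192.0.2.53"}        # assumed list of legitimate secondary servers
    flows = [
        ("192.0.2.53", build_query("example.test", QTYPE_AXFR)),
        ("198.51.100.7", build_query("www.example.test", 1)
                         + build_query("example.test", QTYPE_AXFR)),
    ]
    alerts = []
    for src, payload in flows:
        alerts += find_zone_transfers(payload, src, allowed_secondaries)
    return alerts


if __name__ == "__main__":
    for alert in sample_alerts():
        print(alert)
```

A transfer request from a source outside the secondary list is the event worth alerting on; ordinary lookups over TCP 53 pass through without a hit.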


NULL SESSIONS 


• A ___ is used to connect to a remote system using NetBIOS.
  • NULL session
  • Hash
  • Rainbow table
  • Rootkit

• Port number ___ is used for SMTP.
  • 25
  • 110
  • 389
  • 52

• Port number ___ is used by DNS for zone transfers.
  • 53 TCP
  • 53 UDP
  • 25 TCP
  • 25 UDP


Which tools are used for enumeration?
1. Nikto.
2. Dirbuster.
3. Wpscan.
4. Dnsenum


Which of the following tools can be used for operating system 
prediction from network and communication analysis? (Choose all 
that apply.) 


Nmap 
Whois 
Queso 


ToneLoc


MBSA 


You are told to monitor a packet capture for any attempted DNS zone transfer. Which port 
should you focus your search on? 


A. TCP 22 
B. TCP 53 
C. UDP 22 
D. UDP 53 


Which of the following are SNMP enumeration tools? (Choose all that apply.) 


Nmap
SNMPUtil
ToneLoc
OpUtils
SolarWinds
NSAuditor


• An attacker can use ___ to enumerate users on a system.
  • NetBIOS
  • TCP/IP
  • NetBEUI
  • NNTP


Enumeration is useful to system hacking 
because it provides which of the following? 


Passwords 
IP ranges 


Configurations 




Usernames 


SMTP is used to perform which function? 


Monitor network equipment
Transmit status information
Send email messages


Transfer files 


SNMP is used to do which of the following? 


Transfer files 
Synchronize clocks 
Monitor network devices 




Retrieve mail from a server 

Malware


Malware (short for “malicious software”) is a file or code, typically delivered over a 
network, that infects, explores, steals or conducts virtually any behavior an attacker 
wants. ... Investigate the infected user's local network. Steal sensitive data. 

What are the 4 types of malware?

1. Worm. ...
2. Trojan Horse. ...
3. Spyware. ...
4. Adware.

How can I tell if my device has malware?

• A sudden appearance of pop-ups with invasive advertisements. ...
• A puzzling increase in data usage. ...
• Bogus charges on your bill. ...
• Your battery runs down quickly. ...
• Your phone is hot. ...
• Apps you didn't download.
• Your contacts receive strange emails and texts from your phone. ...

The 5 Most Dangerous Types of Malware to Be Cautious of in 2021

1. Ransomware — a Corporate Level Threat. Extorting and exploiting innocent
yet naive internet users just won't do for big shot hackers anymore. ...
2. Mobile Malware — Not Pocket-Friendly. ...
3. Adware — the Annoying Salesperson. ...
4. Remote Access Trojans (RAT) — Uninvited Guests. ...
5. Banking Trojans — Better Not Let Them In.

How to prevent malware

• Keep your computer and software updated. ...
• Use a non-administrator account whenever possible. ...
• Think twice before clicking links or downloading anything. ...
• Be careful about opening email attachments or images. ...
• Limit your file-sharing.
• Don't trust pop-up windows that ask you to download software. ...

What can hackers do with malware?


Computer hackers are unauthorized users who break into computer systems in 
order to steal, change or destroy information, often by installing 

dangerous malware without your knowledge or consent. Their clever tactics and 
detailed technical knowledge help them access the information you really don't 
want them to have. 

How to remove viruses and other malware from your device

• Power off the phone and reboot in safe mode. Press the power button to
access the Power Off options. ...
• Uninstall the suspicious app. ...
• Look for other apps you think may be infected. ...
• Install a robust mobile security app on your phone.

Spyware


adware, 

system monitors 

tracking including web tracking, and trojans 
web beacons. 

What happens when you get malware?

In short, malware can wreak havoc on a computer and its network. Hackers use
it to steal passwords, delete files and render computers inoperable. A malware
infection can cause many problems that affect daily operation and the long-term
security of your company.

Can malware steal your password?

Spyware is a spy malware that monitors everything you see and do on your
device. Its job is to steal data and passwords from its victims,
allowing the cybercriminal access to all kinds of accounts, including email

What Is the Purpose of Malware

The purpose of malware is to intrude on a machine for a variety of reasons.
From theft of financial details, to sensitive corporate or personal
information, malware is best avoided, for even if it has no malicious purpose at
present, it could well have so at some point in the future.

Who creates malware?


Malware is created by a wide range of people such as vandals, 
swindlers, blackmailers, and other criminals. 

How do malware attacks occur?


When you download an mp3, video file or any other software from suspicious 
sites, malware can be downloaded into your PC without your knowledge. 


Similarly, malware can get into your PC if you click on links from suspicious 
emails sent from unknown email addresses. 

What are the latest malware threats?

10 Latest (MOST DANGEROUS) Virus & Malware Threats in 2021

1. Clop Ransomware. Ransomware is malware which encrypts your files until you pay a
ransom to the hackers. ...
2. Fake Windows Updates (Hidden Ransomware) ...
3. Zeus Gameover. ...
4. RaaS. ...
5. News Malware Attacks. ...
6. Fleeceware. ...
7. IoT Device Attacks. ...
8. Social Engineering.

Who made the I Love You virus?

Onel de Guzman


Creation. ILOVEYOU was created by Onel de Guzman, a college student in 
Manila, Philippines, who was 24 years old at the time. 

Does antivirus protect against malware?


While the term antivirus denotes that it only protects against computer viruses, 
its features often protect against the many common forms of malware today. ... 
Antimalware detects more advanced forms of malware, like zero-day attacks, 
while antivirus software defends against the traditional, more established 
threats. 


Technical and Vocational Training Corporation 


Do you really need malware protection? 


Windows, Android, iOS, and Mac operating systems all have decent security 
protections, so is an antivirus still necessary in 2021? The answer is a 
resounding YES! 

How can spyware threats be prevented?

Protecting your system(s) from adware and spyware:

• Avoid visiting untrustworthy websites.
• Install anti-virus/anti-malware application. ...
• Do not believe in emails that look too good to be true.
• Avoid clicking on the links or downloading attachments in emails that appear
to come from an unknown source.

Can Windows Defender remove malware?

If Windows Defender detects malware, it will remove it from your
PC. However, because Microsoft doesn't update Defender's virus definitions
regularly, the newest malware won't be detected

Sniffing

Sniffing is the process of monitoring and capturing all data packets that
are passing through a computer network using packet sniffers. ... Data
packets captured from a network are used to extract and steal sensitive
information such as passwords, usernames, credit card information

The Difference Between Sniffing and Spoofing

In sniffing, the attacker listens into a network's data traffic and
captures data packets using packet sniffers. In spoofing, the attacker
steals the credentials of a user and uses them in a system as a
legitimate user. Spoofing attacks are also referred to as man-in-the-middle
attacks since the attacker gets in the middle of a user and a
system.

Types of Sniffing:

There are two types of sniffing:

• Passive sniffing: Sniffing through a Hub.
• Active sniffing: Sniffing through a Switch.

Passive Sniffing:

• It is called passive because it is difficult to detect.
• "Passive sniffing" means sniffing through a hub.
• Attacker simply connects the laptop to the hub and starts sniffing.

Active Sniffing:

• Sniffing through a switch.
• Difficult to sniff.
• Can easily be detected.

Techniques for active sniffing:

• ARP (Address Resolution Protocol) spoofing.
• MAC flooding.

How to Prevent Sniffing Attacks

Untrusted networks: users should avoid connecting to unsecured networks, which includes free public Wi-Fi. These
unsecured networks are dangerous since an attacker can deploy a packet sniffer that can sniff the entire network.
Another way an attacker can sniff network traffic is by creating their own fake free public Wi-Fi.

Encryption: the process of converting plaintext into gibberish in order to protect the message from attackers. Before
leaving the network, the information should be encrypted to protect it from hackers who sniff into networks. This is
achieved through the use of a virtual private network (VPN).

Network scanning and monitoring: Network administrators should scan and monitor their networks to detect any
suspicious traffic. This can be achieved by bandwidth monitoring or device auditing.

In information security, ethical hackers also use sniffing techniques to acquire information that could help them
penetrate a system. If used by professionals like ethical hackers, packet sniffers could help in identifying a system's
vulnerabilities.

Becoming a Certified Ethical Hacker (CEH) would put you on the front lines of being able to detect and mitigate these
sniffing attacks, thereby keeping the network safe. You would learn all the techniques and tools hackers use to
compromise systems, then use those same tools and techniques against the bad guys to help protect your clients.

• Restriction of physical access to network media ensures that a packet sniffer cannot be installed.
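
The notes say active sniffing (ARP spoofing, MAC flooding) "can easily be detected" and recommend network monitoring and device auditing. As an added example, not part of the original notes, this sketch shows both checks over constructed observations; the record layout, port names, window and threshold are assumptions.

```python
from collections import Counter, defaultdict, deque


def detect_arp_conflicts(arp_events):
    """arp_events: iterable of (ts, ip, mac) taken from observed ARP replies.

    Returns (ts, ip, old_mac, new_mac) for every time an IP address is claimed
    by a different MAC than before, the usual sign of ARP spoofing.
    """
    bindings, alerts = {}, []
    for ts, ip, mac in arp_events:
        mac = mac.lower()                       # normalise case before comparing
        old = bindings.get(ip)
        if old is not None and old != mac:
            alerts.append((ts, ip, old, mac))
        bindings[ip] = mac
    return alerts


def detect_mac_flooding(frames, window=10.0, max_macs=50):
    """frames: iterable of (ts, switch_port, src_mac), ordered by ts.

    Returns {port: ts} for the first moment a port showed more than max_macs
    distinct source MACs inside the sliding window (MAC flooding indicator).
    """
    recent = defaultdict(deque)                 # port -> (ts, mac) inside the window
    counts = defaultdict(Counter)               # port -> mac -> frames inside the window
    flagged = {}
    for ts, port, mac in frames:
        queue, seen = recent[port], counts[port]
        queue.append((ts, mac))
        seen[mac] += 1
        while queue and queue[0][0] < ts - window:
            _, old_mac = queue.popleft()
            seen[old_mac] -= 1
            if seen[old_mac] == 0:
                del seen[old_mac]
        if len(seen) > max_macs and port not in flagged:
            flagged[port] = ts
    return flagged


def sample_arp_events():
    """Constructed ARP observations: the gateway's IP moves to a new MAC at t=4."""
    return [
        (1.0, "192.168.1.1", "AA:BB:CC:00:00:01"),
        (2.0, "192.168.1.20", "aa:bb:cc:00:00:14"),
        (3.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
        (4.0, "192.168.1.1", "de:ad:be:ef:00:01"),
    ]


def sample_frames():
    """Constructed switch observations: Gi0/1 is normal, Gi0/7 shows 200 MACs in 2 s."""
    frames = [(100.0 + i, "Gi0/1", "aa:bb:cc:00:00:%02x" % (i % 3)) for i in range(9)]
    frames += [(100.0 + i * 0.01, "Gi0/7", "02:00:00:00:%02x:%02x" % (i // 256, i % 256))
               for i in range(200)]
    return sorted(frames)


if __name__ == "__main__":
    print(detect_arp_conflicts(sample_arp_events()))
    print(detect_mac_flooding(sample_frames()))
```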

How do hackers use packet sniffers?

Once the raw packet data is captured, the packet sniffing software analyzes it and presents it in
human-readable form so that the person using the software can make sense of it. ... Hackers
use sniffers to eavesdrop on unencrypted data in the packets to see what information is being
exchanged between two parties

Can WIFI traffic be intercepted and read by anyone?
Yes, just like any non-encrypted wifi traffic your packets can be analyzed. If you are going through a cellular 
network then you have more protection, but if anyone has the tools they can read that traffic too 

Does VPN prevent packet sniffing?

One effective way to protect yourself from packet sniffers is to tunnel your
connectivity through a virtual private network, or a VPN. A VPN encrypts the traffic
being sent between your computer and the destination. ... A packet
sniffer would only see encrypted data being sent to your VPN service
provider.

Is it illegal to use Wireshark?


Sometimes Wireshark is called a network analyzer or a sniffer. Wireshark is a powerful tool and 
technically can be used for eavesdropping. ... Wireshark is legal to use, but it can become illegal if 
cybersecurity professionals attempt to monitor a network that they do not have explicit 
authorization to monitor 

• Active sniffing is difficult to detect.
a) True
b) False

• There are ___ types of sniffing.
a) 2
b) 3
c) 4
d) 5

System hacking

System hacking is defined as the compromise of computer systems and
software to access the target computer and steal or misuse their sensitive
information. Here the malicious hacker exploits the weaknesses in a
computer system or network to gain unauthorized access to its data or
take illegal advantage.

Goals of System Hacking

• Gaining Access
• Escalating privileges
• Executing applications
• Hiding files
• Clearing tracks

What are some examples of hacking?

• Keylogger. ...
• Denial of Service (DoS\DDOS) ...
• Waterhole attacks. ...
• Fake WAP. ...
• Eavesdropping (Passive Attacks) ...
• Phishing. ...
• Virus, Trojan, etc. ...
• ClickJacking Attacks.

Keylogger


A keylogger is a simple software that records the key sequence and strokes of your keyboard into a log file on your 
machine. These log files might even contain your personal email IDs and passwords. Also known as keyboard capturing, 
it can be either software or hardware. While software-based keyloggers target the programs installed on a computer, 
hardware devices target keyboards, electromagnetic emissions, smartphone sensors, etc. 

Keylogger is one of the main reasons why online banking sites give you an option to use their virtual keyboards. So, 
whenever you’re operating a computer in a public setting, try to take extra caution. 




Denial of Service (DoS\DDoS) 


A Denial of Service attack is a hacking technique of taking down a site or server by flooding that site or
server with a huge amount of traffic so that the server is unable to process all the requests in real-time and
finally crashes down.

In this popular technique, the attacker floods the targeted machine with tons of requests to overwhelm the
resources, which, in turn, restricts the actual requests from being fulfilled.

For DDoS attacks, hackers often deploy botnets or zombie computers that have only one task, that is, to
flood your system with request packets. With each passing year, as the malware and types of hackers keep
getting advanced, the size of DDoS attacks keeps increasing.

Fake WAP


Just for fun, a hacker can use software to fake a wireless access point. This WAP connects to the 
official public place WAP. Once you get connected to the fake WAP, a hacker can access your 
data, just like in the case above. 

It’s one of the easier hacks to accomplish and one needs a simple software and wireless network 
to execute it. Anyone can name their WAP as some legit name like “Heathrow Airport WiFi” or 
“Starbucks WiFi” and start spying on you. One of the best ways to protect yourself from such 
attacks is by using a quality VPN service. 

Eavesdropping (Passive Attacks)

• Unlike other attacks that are active in nature, using a passive attack, a hacker
can monitor the computer systems and networks to gain some unwanted
information.

• The motive behind eavesdropping is not to harm the system but to get some
information without being identified. These types of hackers can target
email, instant messaging services, phone calls, web browsing, and other
methods of communication. Those who indulge in such activities are
generally black hat hackers, government agencies, etc.

Phishing


Phishing is a hacking technique using which a hacker replicates the most-accessed sites and traps the victim 
by sending that spoofed link. Combined with social engineering, it becomes one of the most commonly used 
and deadliest attack vectors. 

Once the victim tries to login or enters some data, the hacker gets the private information of the target victim 
using the trojan running on the fake site. Phishing via iCloud and Gmail account was the attack route taken by 
hackers who targeted the “Fappening” leak, which involved numerous Hollywood female celebrities. 

Virus, Trojan,

• Viruses or trojans are malicious software programs which get installed into
the victim's system and keep sending the victim's data to the hacker. They
can also lock your files, serve fraud advertisement, divert traffic, sniff your
data, or spread on all the computers connected to your network.

• You can read the comparison and difference between various malware,
worms, trojans, etc., by visiting the link given below.

ClickJacking Attacks

• ClickJacking is also known by a different name, UI Redress. In this attack, the
hacker hides the actual UI where the victim is supposed to click. This behavior is
very common in app download, movie streaming, and torrent websites. While
they mostly employ this technique to earn advertising dollars, others can use it to
steal your personal information.

• In other words, in this type of hacking, the attacker hijacks the clicks of the victim
that aren't meant for the exact page, but for a page where the hacker wants you
to be. It works by fooling an internet user into performing an undesired action by
clicking on the hidden link.

Cookie theft

• The cookies in our browser store personal data such as browsing history, username, and
passwords for different sites we access. Once the hacker gets the access to your cookie, he
can even authenticate himself as you on a browser. A popular method to carry out this attack
is to manipulate a user's IP packets to pass through attacker's machine.

• Also known as I or Session Hijacking, this attack is easy to carry out if the user is
not using SSL (https) for the complete session. On the websites where you enter your 
pee W banking details, it's of utmost importance for them to make their connections 
encrypted. 

Bait and Switch

Using bait and switch hacking technique, an attacker can buy advertising spaces on the websites. Later, when a user
clicks on the ad, he might get directed to a page that's infected with malware. This way, they can further install
malware or adware on your computer. The ads and download links shown in this technique are very attractive and
users are expected to end up clicking on the same.

The hacker can run a malicious program which the user believes to be authentic. This way, after installing the
malicious program on your computer, the hacker gets unprivileged access to your computer.

In the near future, we're going to publish a list of different types of hackers, so stay tuned for more interesting
information and hacking.

Reconnaissance

Why is reconnaissance important in cyber security?

Recon is an important step in exploring an area to steal confidential
information. It also plays a key role in penetration testing. ... By using
recon, an attacker can directly interact with potential open ports, services
running etc. or attempt to gain information without actively engaging with
the network

Why do hackers do reconnaissance?

Reconnaissance is considered the first pre-attack phase and is a
systematic attempt to locate, gather, identify, and record information
about the target. ... Hackers can gather information in many
different ways, and the information they obtain allows them to
formulate a plan of attack

What is active and passive reconnaissance?

Passive Cyber Reconnaissance

Passive recon is when you gather information about a target without directly interacting with
the target. This means that you don't send any type of request to the target and therefore the
target has no way of knowing that you are gathering information on them. Generally passive
information gathering uses public resources that have information on that target. Using public
resources to gather information is called Open Source Intelligence (OSINT). Using OSINT you can
gather things such as IP addresses, domain names, email addresses, names, hostnames, DNS
records and even what software is running on a website and its associated CVEs. Here are some
common tools penetration testers use for passive information gathering:

Active Cyber Reconnaissance

Active recon is when you interact directly with a computer system in order to gather system specific information about
the target. Unlike passive information gathering that relies on publicly available information, active information
gathering relies on tools that will send different types of requests to the computer. The goal is to gather information
about that device or other devices that are connected to it on the same network. Active recon can be used to find out
information such as open/closed ports, the OS of a machine, the services that are running, banner grabbing,
discovering new hosts or find vulnerable applications on a host. The main drawback of active reconnaissance
compared to passive reconnaissance is that direct interaction with the host has a chance of triggering the system's
IDS/IPS and alerting people to your activity. Here are some of the most commonly used active information gathering
tools

Active information gathering tools:

• Nmap: is an open source network mapper and port scanner. This means it can be used
to perform ping sweeps that discover new hosts as well as scan currently known hosts to
find information on: what ports are open, what services are running on those ports, the
operating systems and, with some configuration, known CVEs associated with
those services.

• Nessus: is a commercial vulnerability scanner. It scans hosts and identifies vulnerable
applications running on that host in an organized report. Unlike Nmap this tool is not free,
but it provides very comprehensive reports and is widely used within the industry.

• Nikto: is a free command line web server scanner that identifies vulnerabilities on web
servers. This includes dangerous files, outdated server software and other common
problems

Is passive reconnaissance legal?

Passive reconnaissance gathers data from open source information.
Looking at open source information is entirely legal. A company can do
little to protect against the release of this information,

What are the tools used for reconnaissance?

Top 10 Tools for Reconnaissance

1. Google. For every penetration tester, Google should be the first tool to use for
continuous cyber recon. ...
2. MaltegoCE. Maltego is an interactive data mining tool that presents data informed by
graphs for analysis. ...
3. FireCompass. ...
4. Recon-NG. ...
5. Shodan. ...
6. Censys. ...
7. Nmap. ...
8. Spiderfoot.
9. Datasploit
10. Aquatone

What is reconnaissance in networking?

Network reconnaissance is a term for testing for potential vulnerabilities in a computer
network. This may be a legitimate activity by the network owner/operator, seeking to
protect it or to enforce its acceptable use policy. It also may be a precursor to external
attacks on the network

What is active and passive information?


Passive information gathering refers to gathering as much information as 
possible without establishing contact between the pen tester (yourself) and the 
target about which you are collecting information. Active information gathering 
involves contact between the pen tester and the actual target 

Q1. ______ is the information gathering phase in ethical hacking from the target
user.


a) Reconnaissance 

b) Scanning 

c) Gaining access 

d) Maintaining access 


Q2. Which of the following is not a reconnaissance tool or technique for information
gathering?


a) Hping

b) NMAP 

c) Google Dorks 
d) Nexpose 

Q3. There are ______ subtypes of reconnaissance.
a) 2 
b) 3 
c) 4 
d) 5 


Q4. Which of the following is an example of active reconnaissance? 
a) Searching public records 

b) Telephone calls as a help desk or fake customer care person 

c) Looking for the target's details in the database 

d) Searching the target's details in paper files 

1. (A) Reconnaissance is the phase where the ethical hacker tries to gather different kinds of information
about the target user or the victim's system.


2. (D) Hping, NMAP & Google Dorks are tools and techniques for reconnaissance. Nexpose is a tool for
scanning the network for vulnerabilities.


3. (A) Reconnaissance can be done in two different ways: active and passive.


4. (B) Active reconnaissance is all about interacting with the target victim directly; hence, through telephone
calls as a legitimate customer care person or help desk person, the attacker can get more information about the
target user.

Scanning


Scanning is a set of procedures for identifying live hosts, ports,
and services, discovering the operating system and architecture of the
target system, and identifying vulnerabilities and threats in the
network. ... Scanning refers to collecting more information using
complex and aggressive reconnaissance techniques.

What is scanning and its types?


Scanning is of three types:
• Port scanning - used to list open ports and services.
• Network scanning - used to list IP addresses.
• Vulnerability scanning - used to discover the presence of known
vulnerabilities.

How do I prevent port scanning attacks?


Install a Firewall: A firewall can help prevent unauthorized access to your
private network. It controls the ports that are exposed and their visibility.
Firewalls can also detect a port scan in progress and shut it down.
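
The detection idea described above, as an added example that is not part of the original slides: a short Python detector that flags any source touching many distinct ports on one host within a few seconds. The log format, addresses, threshold and window are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample log in a hypothetical format (not a real firewall's):
# epoch_seconds source_ip dest_ip dest_port action
SAMPLE_LOG = """\
1000 203.0.113.7 192.0.2.10 21 DROP
1000 198.51.100.20 192.0.2.10 443 ACCEPT
1001 203.0.113.7 192.0.2.10 22 ACCEPT
1002 203.0.113.7 192.0.2.10 23 DROP
1003 198.51.100.20 192.0.2.10 443 ACCEPT
1003 203.0.113.7 192.0.2.10 25 DROP
1004 203.0.113.7 192.0.2.10 53 DROP
1005 203.0.113.7 192.0.2.10 443 ACCEPT
1100 198.51.100.30 192.0.2.10 21 DROP
1200 198.51.100.30 192.0.2.10 22 ACCEPT
1300 198.51.100.30 192.0.2.10 23 DROP
1400 198.51.100.30 192.0.2.10 25 DROP
1500 198.51.100.30 192.0.2.10 53 DROP
"""


def detect_scans(log_text, min_ports=5, window=10):
    """Return {(src, dst): [ports]} for every source that touched at least
    min_ports distinct ports on one host within `window` seconds.
    Assumes the log lines are in time order."""
    recent = defaultdict(deque)          # (src, dst) -> (timestamp, port) events
    flagged = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue                     # skip blank or malformed lines
        ts, src, dst, port = int(fields[0]), fields[1], fields[2], int(fields[3])
        events = recent[(src, dst)]
        events.append((ts, port))
        while ts - events[0][0] > window:
            events.popleft()             # drop events older than the window
        ports = {p for _, p in events}
        if len(ports) >= min_ports:      # accepted and dropped probes both count
            flagged[(src, dst)] |= ports
    return {pair: sorted(ports) for pair, ports in flagged.items()}


if __name__ == "__main__":
    for (src, dst), ports in detect_scans(SAMPLE_LOG).items():
        print(f"possible port scan: {src} -> {dst} ports {ports}")
```

The threshold and window trade sensitivity against noise: the client that only revisits port 443 is never flagged, while a source spreading its connections over minutes is only flagged when `window` is widened, which means keeping more events in memory.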

Is port scanning illegal?


• In the U.S., no federal law exists to ban port scanning. However — while
not explicitly illegal — port and vulnerability scanning without permission
can get you into trouble: ... Civil lawsuits — The owner of a scanned system
can sue the person who performed the scan.


Technical and Vocational Training Corporation 


Is Nmap scanning illegal?


• Using Nmap is not exactly an illegal act since no federal law in the United
States explicitly bans port scanning. Effective use of Nmap can protect
your system network from intruders. However, unapproved
port scanning for whatever reason can get you jailed, fired, disqualified, or
even prohibited by your ISP.

How do I stop port scanning?


If someone selects the Disable Port Scan and DoS Protection check box on the WAN
screen, that disables the protection. Type the user name as admin and the password as
password and click OK. Select Advanced Setup > WAN. Respond to Ping on
Internet port can also be enabled/disabled in this section.

What is the benefit of port scanning?


• Running a port scan on a network or server reveals which ports are open and listening
(receiving information), as well as revealing the presence of security devices such as
firewalls that are present between the sender and the target. This technique is known
as fingerprinting.

Can nmap be detected?


• Intrusive scans, particularly those using Nmap version detection, can often
be detected this way. But only if the administrators actually read the system logs
regularly.

Should I disable port scan?


• Run a port scan from inside your firewall (if you have one), to see what internet
services are installed on your machine. Run this test for all ports (1-65535) and for all
protocols (UDP and TCP). ... Disabling unused services can make your machines less
vulnerable to attack.

What ports do hackers use?


Commonly Hacked Ports

• TCP port 21 — FTP (File Transfer Protocol)

• TCP port 22 — SSH (Secure Shell)

• TCP port 23 — Telnet

• TCP port 25 — SMTP (Simple Mail Transfer Protocol)

• TCP and UDP port 53 — DNS (Domain Name System)

• TCP port 443 — HTTP (Hypertext Transport Protocol) and HTTPS (HTTP over SSL)

What is port scanning attack?


• A port scan is a common technique hackers use to discover open doors or weak points
in a network. A port scan attack helps cyber criminals find open ports and figure out
whether they are receiving or sending data. It can also reveal whether active security
devices like firewalls are being used by an organization.

How do hackers use open ports?


Malicious ("black hat") hackers (or crackers) commonly use port scanning software to
find which ports are "open" (unfiltered) in a given computer, and whether or not an
actual service is listening on that port. They can then attempt to exploit potential
vulnerabilities in any services they find.

How would you tell Nmap to scan all ports?


• To get started, download and install Nmap from the nmap.org website and then launch
a command prompt. Typing nmap [hostname] or nmap [ip address] will initiate a
default scan. A default scan uses 1000 common TCP ports and has Host Discovery
enabled. Host Discovery performs a check to see if the host is online.

How do I scan for open ports on my network?


3 ways to check your network for open ports:

• Use an online port scanner to test your network perimeter. ...

• Use a local port scanner to find open ports on your network devices. ...

• Do it the old fashioned way, from the command-line.

Why do hackers use nmap?


• Nmap can be used by hackers to gain access to uncontrolled ports on a system. All
a hacker would need to do to successfully get into a targeted system would be to run
Nmap on that system, look for vulnerabilities, and figure out how to exploit
them. Hackers aren't the only people who use the software platform, however.

What is the difference between nmap and netstat?


• Nmap is a network mapping tool. That means it's used to discover information about
hosts on a network (their IP, open ports, etc.), whereas Netstat is a network statistics
tool used to list active connections from and to your computer.

Are port scans dangerous?


• A port scan can help an attacker find a weak point to attack and break into a computer
system. ... Just because you've found an open port doesn't mean you can attack it. But,
once you've found an open port running a listening service, you can scan it for
vulnerabilities. That's the real danger.


